ruby_audit 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.gitignore +9 -0
- data/.gitmodules +3 -0
- data/.rspec +1 -0
- data/.rubocop.yml +13 -0
- data/.ruby-version +1 -0
- data/.travis.yml +5 -0
- data/CHANGELOG.md +5 -0
- data/CONTRIBUTING.md +27 -0
- data/Gemfile +4 -0
- data/LICENSE.md +13 -0
- data/README.md +67 -0
- data/Rakefile +9 -0
- data/bin/console +7 -0
- data/bin/setup +8 -0
- data/exe/ruby-audit +6 -0
- data/lib/ruby_audit.rb +5 -0
- data/lib/ruby_audit/cli.rb +68 -0
- data/lib/ruby_audit/database.rb +49 -0
- data/lib/ruby_audit/scanner.rb +80 -0
- data/lib/ruby_audit/version.rb +3 -0
- data/ruby_audit.gemspec +33 -0
- metadata +166 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 51cf3ff827f2fdbe2820e818de13a2218944ce9a
|
4
|
+
data.tar.gz: 783bc7959bacd144fd046acf87abb019a2c79dd6
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 540ecf36b326b595bf50537d73196fbf4ceb1afa024a32311a4dde8d7ac932453ad60bcc4e80f259bc93d12f4fc4e0529d9e8374756606c16f34c152e769247a
|
7
|
+
data.tar.gz: 7e2a5503bfe817c767271dd86b39155a04675e5d2fec28c23708fefd52e816c7cbdd10dee61b492425b3b3a1e8c45636db2c7fcc0d899e8ddd7893a3bbd21a96
|
data/.gitignore
ADDED
data/.gitmodules
ADDED
data/.rspec
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
--color
|
data/.rubocop.yml
ADDED
data/.ruby-version
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
2.3.0
|
data/.travis.yml
ADDED
data/CHANGELOG.md
ADDED
data/CONTRIBUTING.md
ADDED
@@ -0,0 +1,27 @@
|
|
1
|
+
# Contributing to RubyAudit
|
2
|
+
|
3
|
+
We welcome pull requests from everyone!
|
4
|
+
|
5
|
+
## Getting Started
|
6
|
+
|
7
|
+
1. Fork it ( https://github.com/civisanalytics/ruby_audit/fork )
|
8
|
+
2. Install the development dependencies (`bundle install`)
|
9
|
+
3. Make sure you are able to run the test suite locally (`rake`)
|
10
|
+
4. Create a feature branch (`git checkout -b my-new-feature`)
|
11
|
+
5. Make your change. Don't forget tests
|
12
|
+
6. Make sure the test suite, including your new tests, passes (`rake`)
|
13
|
+
7. Commit your changes (`git commit -am 'Add some feature'`)
|
14
|
+
8. Push to the branch (`git push origin my-new-feature`)
|
15
|
+
9. Create a new pull request
|
16
|
+
10. If the Travis build fails, address any issues
|
17
|
+
|
18
|
+
## Tips
|
19
|
+
|
20
|
+
- All pull requests must include test coverage. If you’re not sure how to test
|
21
|
+
your changes, feel free to ask for help.
|
22
|
+
- Contributions must conform to the
|
23
|
+
[Ruby Style Guide](https://github.com/bbatsov/ruby-style-guide).
|
24
|
+
- Don’t forget to add your change to the [CHANGELOG](CHANGELOG.md). See
|
25
|
+
[Keep a CHANGELOG](http://keepachangelog.com/) for guidelines.
|
26
|
+
|
27
|
+
Thank you for taking the time to contribute to RubyAudit!
|
data/Gemfile
ADDED
data/LICENSE.md
ADDED
@@ -0,0 +1,13 @@
|
|
1
|
+
Copyright (C) 2016 Civis Analytics
|
2
|
+
|
3
|
+
This program is free software: you can redistribute it and/or modify it under
|
4
|
+
the terms of the GNU General Public License as published by the Free Software
|
5
|
+
Foundation, either version 3 of the License, or (at your option) any later
|
6
|
+
version.
|
7
|
+
|
8
|
+
This program is distributed in the hope that it will be useful, but WITHOUT
|
9
|
+
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
10
|
+
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
11
|
+
|
12
|
+
You should have received a copy of the GNU General Public License along with
|
13
|
+
this program. If not, see <http://www.gnu.org/licenses/>.
|
data/README.md
ADDED
@@ -0,0 +1,67 @@
|
|
1
|
+
# RubyAudit
|
2
|
+
|
3
|
+
[](https://travis-ci.org/civisanalytics/ruby_audit)
|
4
|
+
[](http://badge.fury.io/rb/ruby_audit)
|
5
|
+
[](https://gemnasium.com/civisanalytics/ruby_audit)
|
6
|
+
|
7
|
+
RubyAudit checks your current version of Ruby and RubyGems against known security vulnerabilities (CVEs), alerting you if you are using an insecure version.
|
8
|
+
It complements [bundler-audit](https://github.com/rubysec/bundler-audit), providing complete coverage for your Ruby stack.
|
9
|
+
If you use Bundler, you should use both RubyAudit and bundler-audit.
|
10
|
+
|
11
|
+
RubyAudit is based on and leverages bundler-audit, and would not exist without the hard work of the [rubysec](https://github.com/rubysec) team, specifically bundler-audit and [ruby-advisory-db](https://github.com/rubysec/ruby-advisory-db).
|
12
|
+
|
13
|
+
"If I have seen further it is by standing on the shoulders of Giants." -- Isaac Newton
|
14
|
+
|
15
|
+
## Installation
|
16
|
+
|
17
|
+
Add this line to your application's Gemfile:
|
18
|
+
|
19
|
+
```ruby
|
20
|
+
gem 'ruby_audit'
|
21
|
+
```
|
22
|
+
|
23
|
+
And then execute:
|
24
|
+
|
25
|
+
$ bundle
|
26
|
+
|
27
|
+
Or install it yourself as:
|
28
|
+
|
29
|
+
$ gem install ruby_audit
|
30
|
+
|
31
|
+
## Usage
|
32
|
+
|
33
|
+
To check your current version of Ruby and RubyGems:
|
34
|
+
|
35
|
+
```bash
|
36
|
+
$ ruby-audit check
|
37
|
+
```
|
38
|
+
|
39
|
+
You can ignore specific advisories by specifying `-i <advisory>`:
|
40
|
+
|
41
|
+
```bash
|
42
|
+
$ ruby-audit check -i CVE-2015-7551
|
43
|
+
```
|
44
|
+
|
45
|
+
By default, RubyAudit will check for updates to the ruby-advisory-db when it runs.
|
46
|
+
If you are using RubyAudit offline, you can bypass this check by specifying `-n`:
|
47
|
+
|
48
|
+
```bash
|
49
|
+
$ ruby-audit check -n
|
50
|
+
```
|
51
|
+
|
52
|
+
## Development
|
53
|
+
|
54
|
+
After checking out the repo, run `bin/setup` to install dependencies.
|
55
|
+
Then, run `rake spec` to run the tests.
|
56
|
+
You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
57
|
+
|
58
|
+
To install this gem onto your local machine, run `bundle exec rake install`.
|
59
|
+
To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
60
|
+
|
61
|
+
## Contributing
|
62
|
+
|
63
|
+
See [CONTRIBUTING](CONTRIBUTING.md).
|
64
|
+
|
65
|
+
## License
|
66
|
+
|
67
|
+
RubyAudit is released under the [GNU General Public License version 3](LICENSE.md).
|
data/Rakefile
ADDED
data/bin/console
ADDED
data/bin/setup
ADDED
data/exe/ruby-audit
ADDED
data/lib/ruby_audit.rb
ADDED
@@ -0,0 +1,68 @@
|
|
1
|
+
module RubyAudit
|
2
|
+
class CLI < Bundler::Audit::CLI
|
3
|
+
desc 'check', 'Checks Ruby and RubyGems for insecure versions'
|
4
|
+
method_option :ignore, type: :array, aliases: '-i'
|
5
|
+
method_option :no_update, type: :boolean, aliases: '-n'
|
6
|
+
method_option :verbose, type: :boolean, aliases: '-v'
|
7
|
+
def check
|
8
|
+
update unless options[:no_update]
|
9
|
+
|
10
|
+
check_for_stale_database
|
11
|
+
|
12
|
+
scanner = Scanner.new
|
13
|
+
vulnerable = false
|
14
|
+
|
15
|
+
scanner.scan(ignore: options[:ignore]) do |result|
|
16
|
+
vulnerable = true
|
17
|
+
print_advisory result.gem, result.advisory
|
18
|
+
end
|
19
|
+
|
20
|
+
if vulnerable
|
21
|
+
say 'Vulnerabilities found!', :red
|
22
|
+
exit 1
|
23
|
+
else
|
24
|
+
say 'No vulnerabilities found', :green
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
# Copied from bundler-audit master. Not present in 0.4.0.
|
29
|
+
desc 'update', 'Updates the ruby-advisory-db'
|
30
|
+
def update
|
31
|
+
say 'Updating ruby-advisory-db ...'
|
32
|
+
|
33
|
+
case Database.update!
|
34
|
+
when true
|
35
|
+
say 'Updated ruby-advisory-db', :green
|
36
|
+
when false
|
37
|
+
say 'Failed updating ruby-advisory-db!', :red
|
38
|
+
exit 1
|
39
|
+
when nil
|
40
|
+
say 'Skipping update', :yellow
|
41
|
+
end
|
42
|
+
|
43
|
+
puts "ruby-advisory-db: #{Database.new.size} advisories"
|
44
|
+
end
|
45
|
+
|
46
|
+
desc 'version', 'Prints the ruby-audit version'
|
47
|
+
def version
|
48
|
+
database = Database.new
|
49
|
+
puts "#{File.basename($PROGRAM_NAME)} #{VERSION} "\
|
50
|
+
"(advisories: #{database.size})"
|
51
|
+
end
|
52
|
+
|
53
|
+
private
|
54
|
+
|
55
|
+
def check_for_stale_database
|
56
|
+
database = Database.new
|
57
|
+
if database.size == 89
|
58
|
+
# bundler-audit 0.4.0 comes bundled with an old verison of
|
59
|
+
# ruby-advisory-db that has 89 advisories and NO advisories for Ruby
|
60
|
+
# or RubyGems. If #size == 89, the database has never been updated.
|
61
|
+
say 'The database must be updated before using RubyAudit', :red
|
62
|
+
exit 1
|
63
|
+
elsif database.stale
|
64
|
+
say 'The database has not been updated in over 7 days', :yellow
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
@@ -0,0 +1,49 @@
|
|
1
|
+
module RubyAudit
|
2
|
+
class Database < Bundler::Audit::Database
|
3
|
+
def advisories_for(name, type)
|
4
|
+
return enum_for(__method__, name, type) unless block_given?
|
5
|
+
|
6
|
+
each_advisory_path_for(name, type) do |path|
|
7
|
+
yield Bundler::Audit::Advisory.load(path)
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
def check_ruby(ruby, &block)
|
12
|
+
check(ruby, 'rubies', &block)
|
13
|
+
end
|
14
|
+
|
15
|
+
def check_library(library, &block)
|
16
|
+
check(library, 'libraries', &block)
|
17
|
+
end
|
18
|
+
|
19
|
+
def check(object, type = 'gems')
|
20
|
+
return enum_for(__method__, object, type) unless block_given?
|
21
|
+
|
22
|
+
advisories_for(object.name, type) do |advisory|
|
23
|
+
yield advisory if advisory.vulnerable?(object.version)
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
def stale
|
28
|
+
if File.directory?(USER_PATH) &&
|
29
|
+
File.exist?(File.join(USER_PATH, '.git'))
|
30
|
+
ts = Time.parse(
|
31
|
+
`cd #{USER_PATH} && git log --date=iso8601 --pretty="%cd" -1`).utc
|
32
|
+
ts < (Date.today - 7).to_time
|
33
|
+
else
|
34
|
+
true
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
protected
|
39
|
+
|
40
|
+
def each_advisory_path(&block)
|
41
|
+
Dir.glob(File.join(@path, '{gems,libraries,rubies}', '*', '*.yml'),
|
42
|
+
&block)
|
43
|
+
end
|
44
|
+
|
45
|
+
def each_advisory_path_for(name, type = 'gems', &block)
|
46
|
+
Dir.glob(File.join(@path, type, name, '*.yml'), &block)
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
@@ -0,0 +1,80 @@
|
|
1
|
+
module RubyAudit
|
2
|
+
class Scanner < Bundler::Audit::Scanner
|
3
|
+
class Version
|
4
|
+
def initialize(name, version)
|
5
|
+
@name = name
|
6
|
+
@version = Gem::Version.new(version)
|
7
|
+
end
|
8
|
+
|
9
|
+
attr_reader :name, :version
|
10
|
+
end
|
11
|
+
|
12
|
+
def initialize
|
13
|
+
@database = Database.new
|
14
|
+
end
|
15
|
+
|
16
|
+
def scan(options = {}, &block)
|
17
|
+
return enum_for(__method__, options) unless block
|
18
|
+
|
19
|
+
scan_ruby(options, &block)
|
20
|
+
scan_rubygems(options, &block)
|
21
|
+
|
22
|
+
self
|
23
|
+
end
|
24
|
+
|
25
|
+
def scan_ruby(options = {}, &block)
|
26
|
+
if RUBY_PATCHLEVEL < 0
|
27
|
+
version = ruby_version
|
28
|
+
else
|
29
|
+
version = "#{RUBY_VERSION}.#{RUBY_PATCHLEVEL}"
|
30
|
+
end
|
31
|
+
specs = [Version.new(RUBY_ENGINE, version)]
|
32
|
+
scan_inner(specs, 'ruby', options, &block)
|
33
|
+
end
|
34
|
+
|
35
|
+
def scan_rubygems(options = {}, &block)
|
36
|
+
specs = [Version.new('rubygems', rubygems_version)]
|
37
|
+
scan_inner(specs, 'library', options, &block)
|
38
|
+
end
|
39
|
+
|
40
|
+
private
|
41
|
+
|
42
|
+
def ruby_version
|
43
|
+
# .gsub to separate strings (e.g., 2.1.0dev -> 2.1.0.dev,
|
44
|
+
# 2.2.0preview1 -> 2.2.0.preview.1).
|
45
|
+
`ruby --version`.split[1]
|
46
|
+
.gsub(/(\d)([a-z]+)/, '\1.\2')
|
47
|
+
.gsub(/([a-z]+)(\d)/, '\1.\2')
|
48
|
+
end
|
49
|
+
|
50
|
+
def rubygems_version
|
51
|
+
`gem --version`.strip
|
52
|
+
end
|
53
|
+
|
54
|
+
def scan_inner(specs, type, options = {})
|
55
|
+
return enum_for(__method__, options) unless block_given?
|
56
|
+
|
57
|
+
ignore = Set[]
|
58
|
+
ignore += options[:ignore] if options[:ignore]
|
59
|
+
|
60
|
+
specs.each do |spec|
|
61
|
+
@database.send("check_#{type}".to_sym, spec) do |advisory|
|
62
|
+
unless ignore.include?(cve_id(advisory)) ||
|
63
|
+
ignore.include?(osvdb_id(advisory))
|
64
|
+
yield UnpatchedGem.new(spec, advisory)
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
# Workaround for advisory.cve_id, present in master but not 0.4.0.
|
71
|
+
def cve_id(advisory)
|
72
|
+
"CVE-#{advisory.cve}" if advisory.cve
|
73
|
+
end
|
74
|
+
|
75
|
+
# Workaround for advisory.osvdb_id, present in master but not 0.4.0.
|
76
|
+
def osvdb_id(advisory)
|
77
|
+
"OSVDB-#{advisory.osvdb}" if advisory.osvdb
|
78
|
+
end
|
79
|
+
end
|
80
|
+
end
|
data/ruby_audit.gemspec
ADDED
@@ -0,0 +1,33 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require 'ruby_audit/version'
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = 'ruby_audit'
|
8
|
+
spec.version = RubyAudit::VERSION
|
9
|
+
spec.authors = ['Jeff Cousens']
|
10
|
+
spec.email = ['opensource@civisanalytics.com']
|
11
|
+
|
12
|
+
spec.summary = 'Checks Ruby and RubyGems against known vulnerabilities.'
|
13
|
+
spec.description = 'RubyAudit checks your current version of Ruby and ' \
|
14
|
+
'RubyGems against known security vulnerabilities ' \
|
15
|
+
'(CVEs), alerting you if you are using an insecure ' \
|
16
|
+
'version. It complements bundler-audit, providing ' \
|
17
|
+
'complete coverage for your Ruby stack.'
|
18
|
+
spec.homepage = 'https://github.com/civisanalytics/ruby_audit'
|
19
|
+
spec.license = 'GPLv3'
|
20
|
+
|
21
|
+
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
22
|
+
spec.bindir = 'exe'
|
23
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
24
|
+
spec.require_paths = ['lib']
|
25
|
+
|
26
|
+
spec.add_dependency 'bundler-audit', '~> 0.4.0'
|
27
|
+
spec.add_development_dependency 'bundler', '~> 1.11'
|
28
|
+
spec.add_development_dependency 'pry', '~> 0.10.3'
|
29
|
+
spec.add_development_dependency 'rake', '~> 10.5'
|
30
|
+
spec.add_development_dependency 'rspec', '~> 3.4'
|
31
|
+
spec.add_development_dependency 'rubocop', '~> 0.35.0'
|
32
|
+
spec.add_development_dependency 'timecop', '~> 0.8.0'
|
33
|
+
end
|
metadata
ADDED
@@ -0,0 +1,166 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: ruby_audit
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 1.0.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Jeff Cousens
|
8
|
+
autorequire:
|
9
|
+
bindir: exe
|
10
|
+
cert_chain: []
|
11
|
+
date: 2016-02-03 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: bundler-audit
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: 0.4.0
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: 0.4.0
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: bundler
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '1.11'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '1.11'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: pry
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: 0.10.3
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: 0.10.3
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: rake
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - "~>"
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '10.5'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - "~>"
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '10.5'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: rspec
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - "~>"
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '3.4'
|
76
|
+
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - "~>"
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '3.4'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: rubocop
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - "~>"
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: 0.35.0
|
90
|
+
type: :development
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - "~>"
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: 0.35.0
|
97
|
+
- !ruby/object:Gem::Dependency
|
98
|
+
name: timecop
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
100
|
+
requirements:
|
101
|
+
- - "~>"
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: 0.8.0
|
104
|
+
type: :development
|
105
|
+
prerelease: false
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - "~>"
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: 0.8.0
|
111
|
+
description: RubyAudit checks your current version of Ruby and RubyGems against known
|
112
|
+
security vulnerabilities (CVEs), alerting you if you are using an insecure version.
|
113
|
+
It complements bundler-audit, providing complete coverage for your Ruby stack.
|
114
|
+
email:
|
115
|
+
- opensource@civisanalytics.com
|
116
|
+
executables:
|
117
|
+
- ruby-audit
|
118
|
+
extensions: []
|
119
|
+
extra_rdoc_files: []
|
120
|
+
files:
|
121
|
+
- ".gitignore"
|
122
|
+
- ".gitmodules"
|
123
|
+
- ".rspec"
|
124
|
+
- ".rubocop.yml"
|
125
|
+
- ".ruby-version"
|
126
|
+
- ".travis.yml"
|
127
|
+
- CHANGELOG.md
|
128
|
+
- CONTRIBUTING.md
|
129
|
+
- Gemfile
|
130
|
+
- LICENSE.md
|
131
|
+
- README.md
|
132
|
+
- Rakefile
|
133
|
+
- bin/console
|
134
|
+
- bin/setup
|
135
|
+
- exe/ruby-audit
|
136
|
+
- lib/ruby_audit.rb
|
137
|
+
- lib/ruby_audit/cli.rb
|
138
|
+
- lib/ruby_audit/database.rb
|
139
|
+
- lib/ruby_audit/scanner.rb
|
140
|
+
- lib/ruby_audit/version.rb
|
141
|
+
- ruby_audit.gemspec
|
142
|
+
homepage: https://github.com/civisanalytics/ruby_audit
|
143
|
+
licenses:
|
144
|
+
- GPLv3
|
145
|
+
metadata: {}
|
146
|
+
post_install_message:
|
147
|
+
rdoc_options: []
|
148
|
+
require_paths:
|
149
|
+
- lib
|
150
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
151
|
+
requirements:
|
152
|
+
- - ">="
|
153
|
+
- !ruby/object:Gem::Version
|
154
|
+
version: '0'
|
155
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
156
|
+
requirements:
|
157
|
+
- - ">="
|
158
|
+
- !ruby/object:Gem::Version
|
159
|
+
version: '0'
|
160
|
+
requirements: []
|
161
|
+
rubyforge_project:
|
162
|
+
rubygems_version: 2.5.1
|
163
|
+
signing_key:
|
164
|
+
specification_version: 4
|
165
|
+
summary: Checks Ruby and RubyGems against known vulnerabilities.
|
166
|
+
test_files: []
|